Australian companies to face fines of $50m for data breaches

After Optus and Medibank reported significant breaches of customer data, including sensitive health information, the Albanese government was now moving to increase penalties for serious or repeated breaches of customer data.

The legislation would also give the Australian information commissioner greater powers to resolve breaches. It would seek to ensure more information on the nature of the breach and compromised information goes to the commissioner so they could judge the risk of harm to individuals. It would also give the commissioner greater information-sharing powers.

That was in addition to the review of the privacy act the attorney general has already ordered, which was due to be handed back by the end of the year. Those recommendations could lead to further law changes.

The amendments to the privacy legislation will be introduced during one of the busiest weeks the government has had so far, with Labor also handing down its first budget and introducing industrial relations legislation aimed at overhauling bargaining.

The Coalition has already pressed the Labor government to do more on privacy laws after the Optus hack, and was expected to support the legislation which should ensure its transition through the parliament.